package cn.edu.tju.core.config;

import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.web.cors.CorsConfiguration;
import org.springframework.web.cors.UrlBasedCorsConfigurationSource;
import org.springframework.web.filter.CorsFilter;

@Configuration
public class CorsConfig {

   @Bean
   public CorsFilter corsFilter() {
      UrlBasedCorsConfigurationSource source = new UrlBasedCorsConfigurationSource();
      CorsConfiguration config = new CorsConfiguration();

      // 如果不需要带 cookie，就不要 setAllowCredentials(true)
      // 并且用 addAllowedOriginPattern("*") 支持所有域名
      config.addAllowedOriginPattern("*");
      config.addAllowedHeader("*");
      config.addAllowedMethod("*");

      // 只对 /api/** 生效
      source.registerCorsConfiguration("/api/**", config);
      return new CorsFilter(source);
   }
}
